Internet security researchers use Heartbleed bug to target hackers

Anti-malware researchers have turned the tables on cyber criminals by using the Heartbleed bug to gain access to online forums where hackers congregate.

The bug is a flaw in a key piece of security technology used by more than 500,000 websites had been exposing online passwords and other sensitive data to potential theft for more than two years.

Among the websites affected by the bug were private, password-protected hacker forums, Steven K, a French anti-malware researcher, told the BBC. The researcher said he was able to gain access to the sites by using specially-written tools to target them.

"Not many people have the ability to monitor this forum, but Heartbleed exposed everything," Steven K added, referring to one such website.

Researchers can use the bug to grab conversations from chatrooms where hackers share data, but run the risk of facing criminal charges for malicious hacking, the BBC reports.

More On This...

“This work just goes to show how serious Heartbleed is,” said Charlie Svensson, a computer security researcher at Sentor. “You can get the keys to the kingdom, all thanks to a nice little heartbeat query."

Meanwhile, a new poll released Wednesday by the Pew Research Center said most Americans have been trying to protect themselves from the bug, but a group nearly as large is unaware of the threat.

After word of the problem got out on April 7, affected websites began to close the Heartbleed loophole and security specialists recommended that Web surfers change their online passwords as a precaution.

That advice apparently resonated among those who read about in the extensive media coverage of the Heartbleed risks.

Passwords were changed or online accounts were closed by 39 percent of the Internet users in Pew's telephone survey of 1,501 adults taken in the U.S. from April 23-27.

But 36 percent of the Internet users participating in the survey hadn't heard about Heartbleed at all.

The almost equal division between people insulating themselves from Heartbleed and those unaware of the problem shows there is still a knowledge gap even as the Internet and mobile devices make it quicker and easier to find all kinds of information.

"There are some people who are pretty tuned in and are in an action frame of mind and then there others that don't know about the news that is breaking," said Lee Rainie, director of Pew Research's Internet Project.

Better educated and more affluent Internet users tended to pay the most attention to Heartbleed. Roughly three-fourths of the Internet users aware of Heartbleed had college educations and lived in households with annual incomes of at least $75,000, according to Pew.

Only 19 percent of the survey respondents said they had heard "a lot" about Heartbleed. By comparison, 46 percent said they had heard "a lot" about the escalating tensions between Russia and Ukraine.

Just 6 percent of the survey participants believed Heartbleed led to their online information being ripped off.